[Dnsmasq-discuss] dig for an ip address returns A record instead of NXDOMAIN
/dev/rob0
rob0 at gmx.co.uk
Thu Mar 31 14:31:08 BST 2016
On Thu, Mar 31, 2016 at 10:10:37AM +0200, Albert ARIBAUD wrote:
> On Wed, 30 Mar 2016 16:59:07 -0400
> Jeff Weber <jweber at cofront.net> wrote:
>
> > The behavior I'm seeing is that any host with dnsmasq in its
> > query path when running dig returns an A record the response is
> > NOERROR and the answer section has an A record which looks like
> >
> > 192.168.100.100. 0 IN A 192.168.100.100
> >
> > If I perform a dig against the upstream server directly I receive
> > an NXDOMAIN.
> >
> > I made the assumption that this response
> > was coming from dnsmasq. I'll do a more detailed investigation
> > to validate that is true.
>
> I can confirm this behavior on a dnsmasq v2.62 configured with

Sorry Jeff and Albert, I should have been more explicit. Yes, these
zero-TTL A records for "ip.add.re.ss." are indeed coming from
dnsmasq. I was only pointing out that to see them means that you're
misusing "dig".

So Jeff's question was valid and his observation was correct. The
question remains, how to control this feature of dnsmasq. I went
through the man page just now and did not see anything which looked
likely to do it.

> static leases plus a static list of local hosts (so that name
> resolution works even when host is down). Running dig from the server
> itself, thus asking dnsmasq directly, yields the following:
>
> $ dig jdoe
> ...
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25422
> ...
> ;; ANSWER SECTION:
> jdoe. 0 IN A 192.168.0.1
> ...
> $ dig -x 192.168.0.1
> ...
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5779
> ...
> 192.168.0.1. 0 IN A 192.168.0.1
> ...

Um, I think you had a copy/paste error/omission here, Albert. As I
mentioned, -x changes the query type to PTR and the query name to
<here.reversed.are.elements>.in-addr.arpa.

    dig -x elements.are.reversed.here

Try it, it's really not very smart. :)

dig's BIND brother host(1) is a bit more user-friendly in this
regard, because it acts on a dotted quad as you might expect, not
requiring the "-x" to do the reversal and query for PTR.

> Its local upstream is an unbound server on the same machine and
> on port:
>
> $ dig -p 1234 192.168.0.1
> ...
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61710
> ...

Here without the -x the query is for an A record for "192.168.0.1."
in the "1" top-level domain.

--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
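
The difference between "dig <ip>" and "dig -x <ip>" discussed in the message above, as an added example that is not part of the original post: it builds the question each form sends and flags answer lines where the owner name is the same dotted quad as the A record data. The function names are hypothetical, only IPv4 is handled, and the sample answer lines in the demo are copied from the dig output quoted in the thread.

```python
import ipaddress
import struct

QTYPE = {"A": 1, "PTR": 12}   # DNS RR type codes
QCLASS_IN = 1

def dig_question(arg, reverse=False):
    """Return (qname, qtype) for `dig arg` (reverse=False) or `dig -x arg`."""
    if reverse:
        # -x reverses the octets, appends in-addr.arpa. and asks for PTR.
        return ipaddress.IPv4Address(arg).reverse_pointer + ".", "PTR"
    # Without -x the argument is just a name; the default query type is A.
    return arg.rstrip(".") + ".", "A"

def encode_question(qname, qtype):
    """Wire-format question: length-prefixed labels, root, QTYPE, QCLASS."""
    labels = [label.encode("ascii") for label in qname.rstrip(".").split(".")]
    name = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return name + struct.pack("!HH", QTYPE[qtype], QCLASS_IN)

def is_literal_ip_answer(line):
    """True if a dig answer line is 'a.b.c.d. TTL IN A a.b.c.d'."""
    fields = line.split()
    if len(fields) != 5 or fields[2:4] != ["IN", "A"]:
        return False
    try:
        owner = ipaddress.IPv4Address(fields[0].rstrip("."))
        return owner == ipaddress.IPv4Address(fields[4])
    except ipaddress.AddressValueError:
        return False   # owner is an ordinary hostname such as "jdoe."

if __name__ == "__main__":
    for reverse in (False, True):
        qname, qtype = dig_question("192.168.0.1", reverse)
        print(qname, qtype, encode_question(qname, qtype).hex())
    # Answer lines as quoted in the thread.
    for line in ("192.168.0.1. 0 IN A 192.168.0.1", "jdoe. 0 IN A 192.168.0.1"):
        print(is_literal_ip_answer(line), line)
```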